diff --git a/contrib/azurerm/group_vars/all b/contrib/azurerm/group_vars/all
index 7aaa346f6697e94da724609e41254889e5c0de6d..52b19b1e306a1f49d7e77efce1b125a1176c9ed8 100644
--- a/contrib/azurerm/group_vars/all
+++ b/contrib/azurerm/group_vars/all
@@ -7,6 +7,10 @@ cluster_name: example
 # node that can be used to access the masters and minions
 use_bastion: false
 
+# Set this to a prefered name that will be used as the first part of the dns name for your bastotion host. For example: k8s-bastion.<azureregion>.cloudapp.azure.com.
+# This is convenient when exceptions have to be configured on a firewall to allow ssh to the given bastion host.
+# bastion_domain_prefix: k8s-bastion
+
 number_of_k8s_masters: 3
 number_of_k8s_nodes: 3
 
diff --git a/contrib/azurerm/roles/generate-templates/templates/bastion.json b/contrib/azurerm/roles/generate-templates/templates/bastion.json
index 5bf1d75ee43964f3e0025b0bd9b90d5dddbc3ca2..d7fd9c8f6ca48cac04a5d4bc2fb5795700fd542c 100644
--- a/contrib/azurerm/roles/generate-templates/templates/bastion.json
+++ b/contrib/azurerm/roles/generate-templates/templates/bastion.json
@@ -15,7 +15,12 @@
       "name": "{{bastionIPAddressName}}",
       "location": "[resourceGroup().location]",
       "properties": {
-        "publicIPAllocationMethod": "Static"
+        "publicIPAllocationMethod": "Static",
+        "dnsSettings": {
+          {% if bastion_domain_prefix %}
+          "domainNameLabel": "{{ bastion_domain_prefix }}"
+          {% endif %}
+        }
       }
     },
     {